<?php
if ($_SERVER['REQUEST_METHOD'] != 'POST') exit('Please don\'t access this page directly.');

$c = get_post_data();
$status = 1;
$c['agent'] = get_global($_SERVER, 'HTTP_USER_AGENT');
$c['ip'] = get_global($_SERVER, 'REMOTE_ADDR');

if (empty($c['post_id'])) error('Please don\'t access this page directly.');
else $c['post_id'] = (int)$c['post_id'];

setcookie($tablePrefix.'name', $c['name'], time()+(60*60*24*365), '/');
setcookie($tablePrefix.'email', $c['email'], time()+(60*60*24*365), '/');
setcookie($tablePrefix.'website', $c['website'], time()+(60*60*24*365), '/');

/*==============================
===== GET POST INFO
==============================*/
$post = get_single_item(array(
	'table' => POSTS,
	'class' => 'post',
	'where' => '`post_id` = "'.$c['post_id'].'" AND `post_status` = "1" AND `post_comments` = "1" AND NOW() > `post_date`'
));
if (empty($post)) error('You are trying to comment on an invalid entry.', true);
$permalink = $post->get_permalink(false);

/*==============================
===== CHECK NAME
==============================*/
if (empty($c['name']) || !preg_match('/^[a-z0-9 \.\'-]+$/i', $c['name']) || strtolower($c['name']) == 'google')
	error('Please enter a valid name.', true);

/*==============================
===== EMPTY/INVALID SITE, EMAL, AGENT, IP
==============================*/
if (empty($c['email']) || !valid_email($c['email']) || contains_spam($c['email']))
	error('Please enter a valid email.', true);
elseif ((!empty($c['website']) && !valid_url($c['website'])) || $c['website'] == 'http://')
	$c['website'] = '';
if (preg_match('/(google.com|blogs.ign)/', $c['website']))
	error('My spam protection system shows that you are trying to spam me.', true);
elseif (empty($c['agent']) || bad_agent($c['agent']))
	error('My spam protection system shows that you are trying to spam me.', true);
elseif (empty($c['ip']))
	error('My spam protection system shows that you are trying to spam me.', true);

/*==============================
===== SESSION SPAM
==============================*/
session_start();
$session = get_global($_SESSION, 'commentSpam');
if (empty($session) || $session != $c['spam'])
	error('My spam protection system shows that you are trying to spam me.', true);
session_destroy();

/*==============================
===== CHECK COMMENT
==============================*/
if (empty($c['comment']))
	error('Please enter a comment.', true);
elseif (substr_count($c['comment'], 'url=') > 2 || substr_count($c['comment'], 'http://') > 2)
	error('My spam protection system shows that you are trying to spam me.', true);
elseif (contains_spam($c['comment']))
	$status = 0;

$result = $mysql->query('SELECT COUNT(*) FROM `'.COMMENTS.'` WHERE `comment_status` = "1" AND (`comment_author_ip` = "'.$c['ip'].'" OR `comment_author_email` = "'.$c['email'].'")');
if ((int)mysql_result($result, 0) <= 0)
	$status = 0;

/* ########## START PROCESSING ########## */
$result = $mysql->insert(COMMENTS, array(
	'comment_post_id' => $post->get_id(),
	'comment_date' => get_date($dateFormats['mysql']),
	'comment_author' => $c['name'],
	'comment_author_email' => $c['email'],
	'comment_author_site' => $c['website'],
	'comment_author_ip' => $c['ip'],
	'comment_author_agent' => $c['agent'],
	'comment_content' => $c['comment'],
	'comment_status' => $status
));


if ($result) {
	$comment = get_single_item(array(
		'table' => COMMENTS,
		'class' => 'comment',
		'where' => '`comment_id` = "'.$mysql->lastInsertId.'"'
	));
	$comment_permalink = $comment->get_permalink(false);
	
	if (get_option('email_comments') && $c['ip'] != currentuser()->ip) {
		$header = array();
		$header[] = 'From: '.currentuser()->get_email();
		$header[] = 'Reply-To: <'.$comment->author_email.'>';
		$subject = 'New Comment: '.$post->title;
		
		$content = $comment->content;
		$name = $comment->author;
		$email = $comment->author_email;
		$site = (!empty($comment->author_site)) ? $comment->author_site : 'not submitted';
		$approved = bool2word($status);
		$sent = get_date();
		$post_title = $post->title;
	
		$message = <<<HTML
$name has left a comment on $post_title.

Name: $name
Email: $email
Site URL: $site

$content

--
Post: $permalink
Comment permalink: $comment_permalink
--
Ip: {$c['ip']}
Agent: {$c['agent']}
Approved: $approved
--
Form Sent: $sent
--
HTML;
		
		mail(currentuser()->get_email(), $subject, $message, implode("\n", $header));
	}
	
	if (!empty($comment_permalink)) header('Location: '.$comment_permalink);
	else header('Location: '.$permalink);
} else
	error('There was an error adding your comment. Please try again later.');
?>